ITUA Project - Intrusion Tolerance by Unpredictable Adaptation

Intrusion Tolerance by Unpredictable Adaptation

About the Project

The "Intrusion Tolerance by Unpredictable Adaptation (ITUA)" project is supported by the Defense Advanced Research Projects Agency (DARPA). It is a joint effort of BBN Technologies, the University of Illinois, the University of Maryland, and Boeing. The principal investigator is Partha Pal. BBN has their own ITUA project page.

People at the University of Illinois

Faculty

Bill Sanders

Staff

Adnan Agbaria
Tod Courtney
Mouna Seri

Students

Vishu Gupta (alumnus)
James Lyons (alumnus)
Hari Ramasamy
Sankalp Singh

People at BBN

Michael Atighetchi
Chris Jones
Joe Loyall
Partha Pal
Rick Schantz
Paul Rubel
Franklin Webber
Idit Keidar (MIT/Technion)

People at the University of Maryland

Faculty

Michel Cukier

Student

Wei Zhang

People at Boeing

David Corman
Jeanna Gossett

Background and Motivation

Three factors have significantly lowered our ability to withstand hostile attacks on critical information systems: 1) an economic mandate to construct systems with more cost-effective commercial off-the-shelf (COTS) solutions, thereby accepting known and unknown limitations; 2) the increasingly sophisticated nature of commonly available technologies, capable of mounting more complex and sustained attack patterns against these systems; and 3) the fact that systems are increasingly inter-networked and need to remain open to meet interoperability goals. The first of these factors makes it more likely that some systems will be compromised and corrupted by adversaries. The second makes it likely that preplanned, coordinated, and sustained attacks will be mounted against high-value systems. The third implies that effects of successful intrusion will be compounded as multiple systems are impacted. All of these factors have led to the ITUA project, which will significantly increase our understanding and tolerance of such attacks, thereby indirectly raising the ante on mounting a successful attack of this type. We know of no other work investigating and developing responses to coordinated, sustained attack profiles.
Our technical approach to this problem area is to combine advanced redundancy management techniques (specifically countering faults resulting from a partially successful attack) with techniques that produce unpredictable (to the attacker) and variable responses to complicate the ability to preplan a coordinated attack. We are developing new Byzantine algorithms that tolerate the characteristic Byzantine faults resulting from a class of staged, coordinated intrusions. This first line of defense will be augmented with reactive indeterminacy, based on distributed system techniques for flexible reconfiguration using an adaptive middleware and a set of decentralized managers, to coordinate these distributed responses to adapt the system's resources and redundancy aspects. If successful, the result will be an intrusion-tolerant core of proactive mechanisms augmented with reactive techniques for tolerating preplanned sustained attack profiles.
The inability of an adversary to preplan a sustained attack effectively in light of expected (but unpredictable) responses makes successful attacks both less likely and more expensive. This innovative approach would not be possible without the significant advances being made in parallel in developing flexible and agile distributed system infrastructure.
Investigation of the recent nuisance attacks on networked systems has revealed the increasing sophistication of attackers, and makes this type of new attack scenario very plausible. Therefore, investigating a potential response (proactive and reactive) is a high priority. Performing this work requires combining expertise from three different technical areas as well as having a realistic domain-specific context for ensuring a result relevant to current and future systems and concepts. Byzantine fault-tolerance techniques are a starting point, but need to be augmented to account for the fact that attacks may be staged. Security techniques are needed but can not by themselves prevent partially successful attacks on modern infrastructure. Distributed systems research and development is enabling a new generation of systems that can dynamically reconfigure to meet changes in operating conditions flexibly. Our team encompasses expertise in all three of these areas in order to devise an innovative, multi-phased approach to constructing intrusion-tolerant systems, for a specific pattern of intrusion (coordinated, partially successful, sustained).
Manual

ITUA-AQuA Gateway User's Guide (PDF format)

Publications

Overcoming Byzantine Failures using Checkpointing.
A. Agbaria and R. Friedman. (03AGB02)
University of Illinois at Urbana-Champaign Coordinated Science Laboratory technical report no. UILU-ENG-03-2228 (CRHC-03-14), December 2003.

Providing Intrusion Tolerance with ITUA.
T. Courtney, J. Lyons, H. V. Ramasamy, W. H. Sanders, M. Seri, M. Atighetchi, P. Rubel, C. Jones, F. Webber, P. Pal, R. Watro, M. Cukier, and J. Gossett. (02COU01)
Supplemental Volume of the 2002 International Conference on Dependable Systems & Networks (DSN-2002), Washington, DC, June 23-26, 2002, pp. C-5-1 to C-5-3.

Intrusion Tolerance Approaches in ITUA.
M. Cukier, J. Lyons, P. Pandey, H. V. Ramasamy, W. H. Sanders, P. Pal, F. Webber, R. Schantz, J. Loyall, R. Watro, M. Atighetchi, and J. Gossett. (01CUK01)
FastAbstract in Supplement of the 2001 International Conference on Dependable Systems and Networks, Göteborg, Sweden, July 1-4, 2001, pp. B-64 to B-65.

Intrusion-Tolerant State Transfer for Group Communication Systems.
V. Gupta. (03GUP02)
Master's Thesis, University of Illinois, 2003.

Dependability and Performance Evaluation of Intrusion-Tolerant Server Architectures.
V. Gupta, V. Lam, H. V. Ramasamy, W. H. Sanders, and S. Singh. (03GUP01)
Dependable Computing: Proceedings of the First Latin-American Symposium (LADC 2003), São Paulo, Brazil, October 21-24, 2003, Lecture Notes in Computer Science vol. 2847 (Rogério de Lemos, Taisy Silva Weber, and João Batista Camargo Jr., eds), Berlin: Springer, 2003, pp. 81-101.

Stochastic Modeling of Intrusion-Tolerant Server Architectures for Dependability and Performance Evaluation.
V. Gupta, V. Lam, H. V. Ramasamy, W. H. Sanders, and S. Singh. (03GUP03)
University of Illinois at Urbana-Champaign Coordinated Science Laboratory technical report UILU-ENG-03-2227 (CRHC-03-13), December 2003.

An Adaptive Quality of Service Aware Middleware for Replicated Services.
S. Krishnamurthy. (02KRI04)
Ph.D. Thesis, University of Illinois, 2002.

A Replication Protocol for an Intrusion-Tolerant System Design.
J. P. Lyons. (03LYO01)
Master's Thesis, University of Illinois, 2003.

An Architecture for Adaptive Intrusion-Tolerant Applications.
P. Pal, P. Rubel, M. Atighetchi, F. Webber, W. H. Sanders, M. Seri, H. Ramasamy, J. Lyons, T. Courtney, A. Agbaria, M. Cukier, J. Gossett, and I. Keidar. (04PAL01)
Special issue of Software: Practice and Experience on Experiences with Auto-adaptive and Reconfigurable Systems, vol. 36, no. 11-12, September-October 2006, pp. 1331-1354.

Survival by Defense-Enabling.
P. Pal, F. Webber, R. Schantz, J. Loyall, R. Watro, W. Sanders, M. Cukier, and J. Gossett. (01PAL01)
Proceedings of the New Security Paradigms Workshop 2001, Cloudcroft, New Mexico, September 11-13, 2001, pp. 71-78.

Reliable Delivery and Ordering Mechanisms for an Intrusion-Tolerant Group Communication System.
P. Pandey. (01PAN01)
Master's Thesis, University of Illinois, 2001.

Group Communication Protocols and a Framework for Intrusion-Tolerant Distributed Applications.
H. V. Ramasamy. (04RAM02)
Supplemental Volume of the IFIP World Computer Congress, Toulouse, France, August 22-27, 2004.

A Group Membership Protocol for an Intrusion-Tolerant Group Communication System.
H. V. Ramasamy. (02RAM01)
Master's Thesis, University of Illinois at Urbana-Champaign, 2002.

Parsimonious Service Replication for Tolerating Malicious Attacks in Asynchronous Environments.
H. V. Ramasamy. (05RAM05)
Ph.D. thesis, University of Illinois at Urbana-Champaign, 2005.

CoBFIT: A Component-Based Framework for Intrusion Tolerance.
H. V. Ramasamy, A. Agbaria, and W. H. Sanders. (04RAM03)
Proceedings of the 30th Euromicro Conference, Rennes, France, August 31-September 3, 2004, pp. 591-600.

A Parsimonious Approach for Obtaining Resource-Efficient and Trustworthy Execution.
H. V. Ramasamy, A. Agbaria, and W. H. Sanders. (05RAM04)
IEEE Transactions on Dependable and Secure Computing, vol. 4, no. 1, January-March 2007, pp. 1-17.

Parsimony-Based Approach for Obtaining Resource-Efficient and Trustworthy Execution.
H. V. Ramasamy, A. Agbaria, and W. H. Sanders. (05RAM01)
Dependable Computing: Proceedings of the 2nd Latin-American Symposium (LADC 2005), Salvador, Brazil, October 25-28, 2005, LNCS vol. 3747, Springer-Verlag, pp. 206-225.

Semi-Passive Replication in the Presence of Byzantine Faults.
H. V. Ramasamy, A. Agbaria, and W. H. Sanders. (04RAM01)
University of Illinois at Urbana-Champaign Coordinated Science Laboratory technical report no. UILU-ENG-04-2202 (CRHC-04-02), February 2004.

Formal Specification and Verification of a Group Membership Protocol for an Intrusion-Tolerant Group Communication System.
H. V. Ramasamy, M. Cukier, and W. H. Sanders. (02RAM02)
Proceedings of the 2002 Pacific Rim International Symposium on Dependable Computing (PRDC 2002) Tsukuba, Japan, December 16-18, 2002, pp. 9-18.

Formal Specification and Verification of a Group Membership Protocol for an Intrusion-Tolerant Group Communication System.
H. V. Ramasamy, M. Cukier, and W. H. Sanders. (03RAM05)
in Foundations of Intrusion Tolerant Systems (Jay Lala, ed.), pp. 251-260. Los Alamitos, CA: IEEE Computer Society, 2003. (Reprint of the conference paper with the same name.)

Formal Verification of an Intrusion-Tolerant Group Membership Protocol.
H. V. Ramasamy, M. Cukier, and W. H. Sanders. (03RAM01)
IEICE Transactions on Information and Systems special issue on Dependable Computing, vol. E86-D, no. 12, December 2003, pp. 2612-2622.

Experiences with Building an Intrusion-Tolerant Group Communication System.
H. V. Ramasamy, P. Pandey, M. Cukier, and W. H. Sanders. (06RAM02)
Software-Practice and Experience, vol. 38, no. 6, May 2008, pp. 639-666.

Quantifying the Cost of Providing Intrusion Tolerance in Group Communication Systems.
H. V. Ramasamy, P. Pandey, J. Lyons, M. Cukier, and W. H. Sanders. (01RAM01)
Proceedings of the 2002 International Conference on Dependable Systems and Networks (DSN-2002), Washington, DC, June 23-26, 2002, pp. 229-238.

Quantifying the Cost of Providing Intrusion Tolerance in Group Communication Systems.
H. V. Ramasamy, P. Pandey, J. Lyons, M. Cukier, and W. H. Sanders. (03RAM06)
in Foundations of Intrusion Tolerant Systems (Jay Lala, ed.), pp. 241-250. Los Alamitos, CA: IEEE Computer Society, 2003. (Reprint of the conference paper with the same name.)

The CoBFIT Toolkit.
H. Ramasamy, M. Seri, and W. H. Sanders. (07RAM01)
Proceedings of the 26th Annual ACM SIGACT-SIGOPS Symposium on Principles of Distributed Computing (PODC 2007), Portland, Oregon, Aug. 12-15, 2007, pp. 350-351.

Probabilistic Validation of Intrusion Tolerance.
W. H. Sanders, M. Cukier, F. Webber, P. Pal, and R. Watro. (02SAN02)
Fast Abstract in the Supplemental Volume of the 2002 International Conference on Dependable Systems & Networks (DSN-2002), Washington, DC, June 23-26, 2002, pp. B-78 to B-79.

A Configurable CORBA Gateway for Providing Adaptable System Properties.
M. Seri, T. Courtney, M. Cukier, V. Gupta, S. Krishnamurthy, J. Lyons, H. Ramasamy, J. Ren, and W. H. Sanders. (02SER01)
Supplemental Volume of the 2002 International Conference on Dependable Systems & Networks (DSN-2002), Washington, DC, June 23-26, 2002, pp. G-26 to G-30.

Ferret: A Host Vulnerability Checking Tool.
A. Sharma, J. R. Martin, N. Anand, M. Cukier, and W. H. Sanders. (03SHA01)
Proceedings of the 10th IEEE Pacific Rim International Symposium on Dependable Computing (PRDC-10), Papeete, Tahiti, French Polynesia, March 3-5, 2004, pp. 389-394.

Probabilistic Validation of an Intrusion-Tolerant Replication System.
S. Singh. (03SIN02)
Master's Thesis, University of Illinois, 2003.

Probabilistic Validation of an Intrusion-Tolerant Replication System.
S. Singh, M. Cukier, and W. H. Sanders. (03SIN01)
Proceedings of the 2003 International Conference on Dependable Systems and Networks (DSN-2003), San Francisco, CA, June 22-25, 2003, pp. 615-624.

The following copyright notice applies to all of the above items that appear in IEEE publications:

Personal use of this material is permitted. However, permission to reprint/publish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from IEEE.